UK Cyber Threats at Record Level as Iranian Hackers Target Critical Infrastructure

The National Cyber Security Centre, the cybersecurity arm of GCHQ, has reported that the volume and sophistication of state-sponsored cyber attacks targeting United Kingdom critical infrastructure has reached record levels in the period following the outbreak of the US-Iran conflict, with Iranian state actors identified as among the primary sources of hostile activity against energy, water, communications and financial sector targets.
The NCSC’s assessment, shared with operators of critical national infrastructure, indicated that the attacks ranged from reconnaissance operations seeking to map vulnerabilities in control systems to more aggressive attempts to access operational technology networks that manage power distribution, water treatment and telecommunications switching. The UK had not at the time of reporting experienced a successful major disruptive attack, but the NCSC warned that the hostile tempo of activity significantly elevated the risk of an incident that could affect public services.
The connection between the cyber threat and the Iran war was explicit in the NCSC’s communications. Iranian state-sponsored cyber actors have a well-documented history of targeting the infrastructure of countries perceived as allies or supporters of the United States, and the UK’s refusal to allow US forces to use British bases for direct strikes on Iran had not prevented Tehran from treating British networks as legitimate targets for covert disruptive activity.
Operators of critical infrastructure received updated guidance on defensive measures, incident response protocols and the threat indicators associated with the specific techniques being used in the current campaign. The government also announced additional funding for the NCSC’s operational capacity to handle the increased threat volume, alongside engagement with private sector security firms working in the critical infrastructure protection space.
